code from index.php
Code: Select all
<form name="form1" method="post" action="checklogin.php" >
<td width="75" height="153"><p> </p>
<td width="230"><table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="ffffff">
<tr>
<td colspan="3"><strong>Member Login</strong></td>
</tr>
<tr>
<td width="69">Username</td>
<td width="4">:</td>
<td width="198"><input name="myusername" type="text" id="myusername" /></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input type="text" name="mypassword" id="mypassword" /></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input name="Submit" type="submit" id="Submit" value="Submit" /></td>
</tr>
</table>
<p>
</p>
</form>Code: Select all
//connect to sql server and select database
mysql_connect("$host","$db_username","$db_password") or die("can not connect to server");
mysql_select_db("$db_name") or die ("can not connect to database");
////username and password sent from form
$myusername =$_POST['myusername'];
$mypassword =$_POST['mypassword'];
//protect sql injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' AND password='$mypassword'";
$sql=strip_tags($sql);
$result=mysql_query($sql);
echo "$sql <br>";
echo "here is the full document location: $doclocation <br>";
//mysql_num_row is counting table row
//$count=mysql_num_rows($result);
//if result matches $myusername AND $mypassword, table row must be one row
if(mysql_num_rows == 0)
{
echo "wrong";
}
else
{
$userdetails = mysql_fetch_array($sql);
$_SESSION['username'] = $userdetails('username');
$_SESSION['userid'] = $userdetails('user_id');
$_SESSION['level'] = $userdetails('level');
$_SESSION['email'] = $userdetails('email');
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
?>doing a show columns from test_users returns
Field Type Null Key Default Extra
user_id int(11) PRI auto_increment
username varchar(255) YES
password varchar(255) YES
email varchar(255) YES
level int(11) YES
which is correct
just can not see what is going on